Because REITs do not file quarterly reports on Form 10-Q, the 2021 Form 20-F review season will be the first time their disclosures regarding COVID-19 can be reviewed by the SEC, unless a company has gone through an SEC review process for an offer. See « COVID-19 Disclosures » above. If a corporation is unable to file its annual return on Form 20-F by the due date, it may file a Form 12b-25 (also known as a « Form NT ») no later than one business day after the due date of the annual return. If a corporation files a Form NT in a timely manner, it has an additional 15 days to file its annual return on Form 20-F, and it is still deemed to have filed its annual return in a timely manner in accordance with the reporting requirements of the Exchange Act. While there is no disclosure requirement for issuers that specifically addresses cybersecurity risks and cyber incidents, SEC guidance clarifies that the issuer may still be required to provide information regarding cybersecurity risks and incidents under Regulations S-K and S-X where cybersecurity may be material to meeting an issuer`s business and operational disclosure obligations. Risk factors, management reports, internal controls over financial reporting, and disclosure controls and procedures. The SEC expects firms to provide information tailored to their particular cybersecurity risks and incidents. The SEC stressed the need to avoid generic disclosures related to cybersecurity and provide specific information useful to investors. In March and June 2020, the SEC`s Corporate Finance Division issued guidance on disclosure topics 9 and 9A, which companies should consider in the context of COVID-19 and related market disruptions (as explained in our SEC Issues New COVID-19 Disclosure Guidance). The SEC encouraged « companies to make disclosures that allow investors to assess the current and anticipated impact of COVID-19 through the eyes of management and to proactively review and update information as facts and circumstances change. » In particular, the guidelines stressed the importance of clear information on the management of short- and long-term liquidity and funding risks in the current economic environment. Risk factor. I liked the recent changes to the SEC`s risk factor rule.
But they didn`t go far enough. Instead of limiting the summary to two pages, we limit the entire risk factors section to three pages. To do this, management must determine which risks are the most significant and specific to its business and describe them succinctly in bulleted or digital lists. Revise Regulation S-K to allow registrants to automatically include by reference generic risk factors commonly included in SEC filings. The list of generic risk factors may be linked to the disclosure document by reference to a list of generic risk factors maintained by the SEC and publicly available via a hyperlink in the filing. I would also suggest creating industry-specific standard risk factors. For example, there could be a standard set of risk factors for financial institutions – do we really need a bank to warn us that if loans go wrong, it will affect the bottom line? These risks could also be related to the presentation. The SEC could establish a working group of relevant industry participants to regularly update standard risk factors (annually or less frequently). In this way, the identification of these more common risk factors would still be available to investors, but in a way that does not unnecessarily increase the length of disclosure documents.